65 matches found
CVE-2026-3116
Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...
CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler
Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...
CVE-2026-3116
CVE-2026-3116 affects Mattermost Plugins with versions
CVE-2026-2461
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-2476
Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
PT-2026-28420
Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions 10.11.11.0 and 11.4 Description Mattermost plugins do not properly validate timestamps in webhook requests. This allows an attacker to repeatedly send webhook requests, potentially corrupting the state of Zoom...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and web/dashboard applications. There are security vulnerabilities in versions prior to 11.4, 11.0.4, 11.1.3, 11.3.2, and 10.11.11.0. These...
PT-2026-28425
Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions 10.11.11.0 through 11.4 Description The software does not properly check the size of incoming requests, potentially allowing an authenticated attacker to disrupt service through the webhook endpoint. The issue affec...
EUVD-2026-12411
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-2476
Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-2461
Mattermost Plugins versions
CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-2476
Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets
Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 of Mattermost Plugins contain security vulnerabilities. These...
PT-2026-25680
Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions through 2.0.3.0 Description The Mattermost plugins do not properly mask sensitive configuration values. This allows an attacker with access to support packets to obtain original plugin settings through exported...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 2.0.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem fro...
EUVD-2019-11401
Malware in sbrugna...